Lucene search
AmazonALAS-2023-1880HistoryOct 30, 2023 - 11:31 p.m.
Important: python27
2023-10-3023:31:00
alas.aws.amazon.com
15
xml vulnerability
cve-2022-48565
red hat
mitre
unix
python27-devel
python27-debuginfo
python27-2.7.18
python27-tools
python27-test
python27-libs
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.8%
Issue Overview:
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. (CVE-2022-48565)
Affected Packages:
python27
Issue Correction:
Run yum update python27 to update your system.
New Packages:
i686:
python27-devel-2.7.18-2.149.amzn1.i686
python27-debuginfo-2.7.18-2.149.amzn1.i686
python27-2.7.18-2.149.amzn1.i686
python27-tools-2.7.18-2.149.amzn1.i686
python27-test-2.7.18-2.149.amzn1.i686
python27-libs-2.7.18-2.149.amzn1.i686
src:
python27-2.7.18-2.149.amzn1.src
x86_64:
python27-tools-2.7.18-2.149.amzn1.x86_64
python27-libs-2.7.18-2.149.amzn1.x86_64
python27-devel-2.7.18-2.149.amzn1.x86_64
python27-debuginfo-2.7.18-2.149.amzn1.x86_64
python27-test-2.7.18-2.149.amzn1.x86_64
python27-2.7.18-2.149.amzn1.x86_64
Additional References
Red Hat: CVE-2022-48565
Mitre: CVE-2022-48565
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | python27-devel | < 2.7.18-2.149.amzn1 | python27-devel-2.7.18-2.149.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | python27-debuginfo | < 2.7.18-2.149.amzn1 | python27-debuginfo-2.7.18-2.149.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | python27 | < 2.7.18-2.149.amzn1 | python27-2.7.18-2.149.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | python27-tools | < 2.7.18-2.149.amzn1 | python27-tools-2.7.18-2.149.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | python27-test | < 2.7.18-2.149.amzn1 | python27-test-2.7.18-2.149.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | python27-libs | < 2.7.18-2.149.amzn1 | python27-libs-2.7.18-2.149.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | python27-tools | < 2.7.18-2.149.amzn1 | python27-tools-2.7.18-2.149.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | python27-libs | < 2.7.18-2.149.amzn1 | python27-libs-2.7.18-2.149.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | python27-devel | < 2.7.18-2.149.amzn1 | python27-devel-2.7.18-2.149.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | python27-debuginfo | < 2.7.18-2.149.amzn1 | python27-debuginfo-2.7.18-2.149.amzn1.x86_64.rpm |
Related
prion
prion
Xxe
2023-08-22 19:16:00
ubuntu
ubuntu
Python vulnerability
2023-09-07 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1698)
2024-05-17 00:00:00
Fedora: Security Advisory for python2.7 (FEDORA-2023-348a0dbcf3)
2023-10-22 00:00:00
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1291)
2024-03-12 00:00:00
osv
osv
CVE-2022-48565
2023-08-22 19:16:32
python2.7, python3.5 vulnerability
2023-09-07 16:00:44
BIT-python-2022-48565
2024-03-06 11:04:23
nessus
nessus
Fedora 40 : python2.7 (2023-de99cdb793)
2024-04-29 00:00:00
Fedora 37 : python2.7 (2023-e47078af3e)
2023-10-21 00:00:00
EulerOS Virtualization 3.0.6.0 : python3 (EulerOS-SA-2024-1698)
2024-05-17 00:00:00
cloudlinux
cloudlinux
python: Fix of CVE-2022-48565
2023-10-09 19:03:14
amazon
amazon
Important: python3
2023-10-25 21:40:00
Important: python
2023-10-30 23:59:00
Important: python3
2023-10-25 21:40:00
fedora
fedora
[SECURITY] Fedora 38 Update: python2.7-2.7.18-35.fc38
2023-10-21 01:29:59
[SECURITY] Fedora 37 Update: python2.7-2.7.18-35.fc37
2023-10-21 01:26:15
[SECURITY] Fedora 39 Update: python2.7-2.7.18-35.fc39
2023-11-03 18:57:04
redhatcve
redhatcve
CVE-2022-48565
2023-09-21 15:54:42
cvelist
cvelist
CVE-2022-48565
2023-08-22 00:00:00
debiancve
debiancve
CVE-2022-48565
2023-08-22 19:16:32
veracode
veracode
XML External Entity (XXE)
2023-08-30 22:31:01
ubuntucve
ubuntucve
CVE-2022-48565
2023-08-22 00:00:00
cve
cve
CVE-2022-48565
2023-08-22 19:16:32
nvd
nvd
CVE-2022-48565
2023-08-22 19:16:32
ibm
ibm
Security Bulletin: Vulnerabilities in Watson NLP and WebSphere Liberty may affect IBM Robotic Process Automation for Cloud Pak
2024-01-03 21:45:33
Security Bulletin: Vulnerability in Python affects IBM Process Mining . Multiple CVEs
2023-10-09 10:43:31
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-03-27 19:39:32
f5
f5
redos
redos
ROS-20240409-02
2024-04-09 00:00:00
almalinux
almalinux
Moderate: python27:2.7 security update
2024-05-22 00:00:00
oraclelinux
oraclelinux
python27:2.7 security update
2024-05-24 00:00:00
redhat
redhat
(RHSA-2024:2987) Moderate: python27:2.7 security update
2024-05-22 06:35:16
debian
debian
[SECURITY] [DLA 3614-1] python3.7 security update
2023-10-11 19:34:27
[SECURITY] [DLA 3575-1] python2.7 security update
2023-09-20 19:20:16
mageia
mageia
Updated python python3 packages fix security vulnerabilities
2024-03-23 04:00:08
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0646
2023-09-09 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.8%
Related for ALAS-2023-1880